help wanted; PenDrive hidden file and shortcut folder problem

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[metalmunna]

Did somebody put exceptions for the pendrive or executable files in ePO?

no exceptions has been added for the pendrive on ePO, although we already added that executable files on unwanted programs policy to delete from everywhere but as i told before that it can change their own file name ... now waiting for the virus file from those lazy guys, when i will get those time i will share again ...

[metalmunna]

anyway, got the solution:

Problem Reported:
"Shortcut links" folder-like icon gets created which redirects to execute a hidden .scr, .exe files created by the virus itself on that particular drive and the Genuine files\folder gets hidden automatically".

For example, if you have a folder named "TEST" , then the virus will hide the folder and its sub-folder (if any) with SH attribute and creates shortcut folders with same name. User thinks that their folder are changed to shortcuts and cannot access any data. And if you check the properties of that shortcut folder, the Target path will be .scr, .exe file.


Solution:

Please be informed that this may happen due to a Vulnerability on the unpatched Operating System. Microsoft has released the hotfix (KB2286198) which will fix the vulnerability.

Please implement the hotfix on the affected Operating Systems specified on the link mentioned below.

"MS10-046: Vulnerability in Windows Shell could allow remote code execution"

http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

[Samker]

Solution:

Please be informed that this may happen due to a Vulnerability on the unpatched Operating System. Microsoft has released the hotfix (KB2286198) which will fix the vulnerability.

Please implement the hotfix on the affected Operating Systems specified on the link mentioned below.

"MS10-046: Vulnerability in Windows Shell could allow remote code execution"

http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

Thanks for info's MM... 

[hazedaze]

Just a quick thought,

It may that the file that is suspected of being a virus or  trojan has created a hidden partition which it keeps restoring from with an associated config file given it a list of different names to copy itself back as many provalent rootkit's/Trojan's/Virus's utilise the same trick, try Uf Disk utilitie's, can be found for free on the web with a bit of looking it's not designed for all USB sticks but I have yet to find on that this software wont work on this not only allows you to FULLY Format so you can use the FULL storage space of the pen drive but also allows you to create a secure partition create a CDFS partition so that you can boot form the USB stick as if it were a CD drive but more importanly it will obliterate any partition inc data that maybe lurking on the stick that Windows management tools simpy wont touch, out of interest you said about it being a govt based office enviroment, is this your pen or the company's?

Regds

HD

[metalmunna]

Just a quick thought,

It may that the file that is suspected of being a virus or  trojan has created a hidden partition which it keeps restoring from with an associated config file given it a list of different names to copy itself back as many provalent rootkit's/Trojan's/Virus's utilise the same trick, try Uf Disk utilitie's, can be found for free on the web with a bit of looking it's not designed for all USB sticks but I have yet to find on that this software wont work on this not only allows you to FULLY Format so you can use the FULL storage space of the pen drive but also allows you to create a secure partition create a CDFS partition so that you can boot form the USB stick as if it were a CD drive but more importanly it will obliterate any partition inc data that maybe lurking on the stick that Windows management tools simpy wont touch, out of interest you said about it being a govt based office enviroment, is this your pen or the company's?

Regds

HD

hi, thanks for the reply.

that's the staffs pendrive of that office and the user have no installation rights. so there has no way to execute any program by that user rights. that's a Microsoft security leak. only formatting wasn't solve coz that workstation keep doing same on any newly attached pendrive as well .. best way to get escape from there; keep update to date Windows Update from Microsoft .. if your OS is updated then it can't make any trouble .. anyway, have a nice day guys and thanks for the help ..